Speech by Maud de Boer-Buquicchio, Deputy Secretary General of the Council of Europe, at the Internet Governance Forum “Can we win the War against Cyber-Threats?”

Rio de Janeiro, 12 November 2007

The Internet provides tremendous potential for learning and communicating – but also a high potential for crime. Crimes such as fraud, identity theft, child pornography, cyber-hate, pharmaceutical crimes, money laundering, terrorist financing, attacks against computer systems or even critical infrastructures, are often committed through, or facilitated by, the use of the Internet.

The new technologies challenge existing legal concepts. Laws are generally confined to a specific territory, but criminals are increasingly located in places other than where their criminal acts produce their effects. Through the use of the Internet, the more ambitious and technically-skilled criminals are no longer restricted by geography or state borders.

Hence, any effective solution will come only through closer and better international co-operation and specific and effective international legal instruments.

This was the thinking behind the 2001 Council of Europe Convention against Cybercrime, the first and most comprehensive treaty which deals with crimes committed on, through or against computer systems.

The Convention on Cybercrime has three aims.

First, to introduce common definitions of cybercrime offences and help the harmonisation of national legislations.

Second, to identify new investigative and prosecution methods, adapted to the world of Internet.
Third, to facilitate and accelerate international co-operation, also through the creation of a permanent contacts network, operating 24 hours a day and 7 days a week.

This Convention has so far been signed by 43 countries and ratified by 21 States, both from Europe and from other parts of the world. Among others, it has been ratified by the USA and signed by South Africa, Canada and Japan, while Costa Rica, Mexico, and the Philippines have asked to accede and their applications are currently being processed.

This is good, but it is not enough. Any successful campaign against cybercrime will have to be as global as cybercrime itself. The Council of Europe Convention provides the platform for such global co-operation, and it is why other countries should join as soon as possible. From the outset, the Convention was conceived as a global instrument. It is not only a European treaty, it is a treaty drafted in Europe to serve the world, as the USA, South-Africa, Canada, Japan, Costa Rica, Mexico and the Philippines understood very well.

The alternative would be to prepare a new international legal instrument. It is possible of course, but it makes no sense. I sincerely doubt that criminals would give us the courtesy of halting their illegal activities while the world is engaging in protracted negotiations aimed at reinventing the wheel.

But the Convention can, and will be updated and improved. This is why we welcome the ITU initiative to create the Global Cybersecurity Agenda (GCA) as “a platform for dialogue and international co-operation aimed at leveraging existing initiatives, working with recognised sources of expertise in a framework for international co-operation to elaborate global strategies for enhancing confidence and security in the information society”.

We believe that the GCA can provide valuable support to the international fight against cybercrime – provided that it focuses on added-value, not duplication. The Convention on Cybercrime must remain the legal basis for our common fight. Any other approach runs the risk of playing into the hands of the bad guys. Cybercriminals are low on morals, but high on technical skills.

Time is of the essence. The criminals are already too often ahead of us and we should not provide them new opportunities to get even further.

Let me give you the example of the private sector. The industry was initially reserved about the Convention but has since changed its position and now supports its broadest possible application. The private sector understood that freedom of expression and free trade are not incompatible with the adoption of concrete measures to counter crimes online. A safer Internet is a freer Internet and that is in the interest of individual users, public authorities and the industry alike.

It is also in the common interest of all progressive countries in the world, regardless of their geographic location or level of economic development. It is why I wish to thank the ITU – and most particularly its Secretary General - for organising this panel. I believe that in the future we will be working together even more closely to promote the goal common to our two Organisations and all our member states – which is to prevent criminals from turning the Internet from an asset to a liability.